Web site owners and web site users have a vested interest in protecting the security of web applications and web services provided to various users. However, many web applications and web services are prone to input validation vulnerabilities, which may result from inadequate or incorrect sanitation of user-supplied inputs to the web applications and web services. Inadequate or incorrect validation and/or sanitization of these inputs can arise from invalid input assumptions made by a developer for a particular application. Injection attacks, also known as code injection attacks, exploit input validation vulnerabilities by injecting inputs including special characters and/or markers that alter the behavior of a targeted application in some undesirable manner. Injection attacks include SQL injections, cross-site scripting (XSS), command shell injection, and other types of injection attacks. Such attacks have become prevalent across web applications and can have devastating consequences to the targeted web application, including information leakage and privilege escalation, in which an attacker may gain full control of a system under attack.